const cors = require("@koa/cors");
exports.cors = () => {
  return cors({
    origin: (ctx) => {
      // 仅允许指定域名跨域
      const whiteList = [
        "http://localhost", // 新增：HTTP 协议，无端口（等价于 80）
        "http://localhost:80", // 保留：HTTP 协议，带端口
        "https://localhost",
      ];
      return whiteList.includes(ctx.header.origin) ? ctx.header.origin : false;
    },
    allowMethods: ["GET", "POST", "PUT", "DELETE"],
    allowHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
    credentials: true,
    maxAge: 86400,
  });
};
